Replication source account (ID: 123456789012)
Create an IAM role
- Role name: S3RepSseS3Role
- Inline policy
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:GetReplicationConfiguration",
          "s3:ListBucket"
        ],
        "Resource": "arn:aws:s3:::rep-src-sse-s3"
      },
      {
        "Effect": "Allow",
        "Action": [
          "s3:GetObjectVersion",
          "s3:GetObjectVersionAcl"
        ],
        "Resource": "arn:aws:s3:::rep-src-sse-s3/*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "s3:ReplicateObject",
          "s3:ReplicateDelete",
          "s3:ObjectOwnerOverrideToBucketOwner"
        ],
        "Resource": "arn:aws:s3:::rep-dst1-sse-s3/*"
      }
    ]
  }
- Trust relationship
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "s3.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
  }
Create an S3 bucket
Replication destination account (ID: 234567890123)
Create an S3 bucket
- rep-src-sse-s3
Configure the S3 bucket policy
  {
    "Version": "2012-10-17",
    "Id": "",
    "Statement": [
      {
        "Sid": "Set permissions for objects",
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:aws:iam::123456789012:role/S3ReplicationRole"
        },
        "Action": [
          "s3:ReplicateObject",
          "s3:ReplicateDelete",
          "s3:ObjectOwnerOverrideToBucketOwner"
        ],
        "Resource": "arn:aws:s3:::rep-dst1-sse-s3/*"
      },
      {
        "Sid": "Set permissions on bucket",
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:aws:iam::123456789012:role/S3ReplicationRole"
        },
        "Action": [
          "s3:GetBucketVersioning",
          "s3:PutBucketVersioning"
        ],
        "Resource": "arn:aws:s3:::rep-dst1-sse-s3"
      }
    ]
  }
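As an added consistency check (example code, not part of these notes): the script below loads the three policy documents above and verifies that they agree with each other. The trust policy must let s3.amazonaws.com assume the role, the inline policy must grant the read actions on the source bucket and the replicate actions on the destination objects, and the destination bucket policy must name the role's actual ARN as its principal. Run against the documents as written, it reports one finding: the bucket policy trusts `arn:aws:iam::123456789012:role/S3ReplicationRole` while the role created above is `S3RepSseS3Role`, so S3 would be denied when it tries to replicate. The function names and the required-action sets are assumptions of this example.

```python
import json

# Values taken from the notes above.
SOURCE_ACCOUNT = "123456789012"
ROLE_NAME = "S3RepSseS3Role"
SRC_BUCKET = "rep-src-sse-s3"
DST_BUCKET = "rep-dst1-sse-s3"

# The three policy documents, copied from the notes. They are kept as JSON
# text so the same checks can later be pointed at files or CLI output.
INLINE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Action": ["s3:GetReplicationConfiguration", "s3:ListBucket"],
  "Resource": "arn:aws:s3:::rep-src-sse-s3"},
 {"Effect": "Allow", "Action": ["s3:GetObjectVersion", "s3:GetObjectVersionAcl"],
  "Resource": "arn:aws:s3:::rep-src-sse-s3/*"},
 {"Effect": "Allow", "Action": ["s3:ReplicateObject", "s3:ReplicateDelete",
  "s3:ObjectOwnerOverrideToBucketOwner"], "Resource": "arn:aws:s3:::rep-dst1-sse-s3/*"}]}""")

TRUST_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
  "Action": "sts:AssumeRole"}]}""")

DST_BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Id": "", "Statement": [
 {"Sid": "Set permissions for objects", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::123456789012:role/S3ReplicationRole"},
  "Action": ["s3:ReplicateObject", "s3:ReplicateDelete", "s3:ObjectOwnerOverrideToBucketOwner"],
  "Resource": "arn:aws:s3:::rep-dst1-sse-s3/*"},
 {"Sid": "Set permissions on bucket", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::123456789012:role/S3ReplicationRole"},
  "Action": ["s3:GetBucketVersioning", "s3:PutBucketVersioning"],
  "Resource": "arn:aws:s3:::rep-dst1-sse-s3"}]}""")


def _as_list(value):
    """IAM lets Action/Resource/Principal fields be a string or a list."""
    return value if isinstance(value, list) else [value]


def allowed_actions(policy, resource):
    """Actions granted by Allow statements whose Resource names exactly `resource`."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow" and resource in _as_list(stmt.get("Resource", [])):
            actions.update(_as_list(stmt["Action"]))
    return actions


def trusted_services(trust_policy):
    """Service principals allowed to call sts:AssumeRole on the role."""
    services = set()
    for stmt in trust_policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            services.update(_as_list(principal.get("Service", [])))
    return services


def bucket_policy_principals(policy):
    """IAM principals (ARNs) that the bucket policy grants anything to."""
    arns = set()
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") == "Allow" and isinstance(principal, dict):
            arns.update(_as_list(principal.get("AWS", [])))
    return arns


def check_replication_setup(inline, trust, dst_policy, account=SOURCE_ACCOUNT,
                            role=ROLE_NAME, src=SRC_BUCKET, dst=DST_BUCKET):
    """Return a list of findings; an empty list means the three documents agree."""
    findings = []
    role_arn = f"arn:aws:iam::{account}:role/{role}"
    if "s3.amazonaws.com" not in trusted_services(trust):
        findings.append("trust policy does not allow s3.amazonaws.com to assume the role")
    # Required action sets per resource (assumption of this example, taken from the notes).
    required = {
        f"arn:aws:s3:::{src}": {"s3:GetReplicationConfiguration", "s3:ListBucket"},
        f"arn:aws:s3:::{src}/*": {"s3:GetObjectVersion", "s3:GetObjectVersionAcl"},
        f"arn:aws:s3:::{dst}/*": {"s3:ReplicateObject", "s3:ReplicateDelete"},
    }
    for resource, needed in required.items():
        missing = needed - allowed_actions(inline, resource)
        if missing:
            findings.append(f"inline policy lacks {sorted(missing)} on {resource}")
    principals = bucket_policy_principals(dst_policy)
    if role_arn not in principals:
        findings.append(f"destination bucket policy trusts {sorted(principals)}, "
                        f"but the replication role is {role_arn}")
    return findings


def with_principal(policy, role_arn):
    """Copy of a bucket policy with every AWS principal replaced by role_arn."""
    fixed = json.loads(json.dumps(policy))
    for stmt in fixed["Statement"]:
        if isinstance(stmt.get("Principal"), dict) and "AWS" in stmt["Principal"]:
            stmt["Principal"]["AWS"] = role_arn
    return fixed


if __name__ == "__main__":
    for line in check_replication_setup(INLINE_POLICY, TRUST_POLICY, DST_BUCKET_POLICY) or ["no findings"]:
        print(line)
```

The checks are deliberately strict about exact resource ARNs: a wildcard such as `arn:aws:s3:::*` would also satisfy S3, but it is broader than a replication role needs, and flagging it keeps the role at least privilege.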
Test
- Launch CloudShell
- Create a 1GB file
$ dd if=/dev/urandom of=1mb.dat bs=1M count=1
- Upload the file to S3 and confirm that it is replicated
$ aws s3 cp 1mb.dat s3://rep-src-sse-s3/